This section describes the use of sssd to authenticate user logins against an Active Directory via using sssd’s “ad” provider. At the end, Active Directory users will be able to login on the host using their AD credentials. Group membership will also be maintained.
systemd-resolve --status
)ad1.example.com
.Install the following packages:
sudo apt install sssd-ad sssd-tools realmd adcli
We will use the realm
command, from the realmd
package, to join the domain and create the sssd configuration.
Let’s verify the domain is discoverable via DNS:
$ sudo realm -v discover ad1.example.com
* Resolving: _ldap._tcp.ad1.example.com
* Performing LDAP DSE lookup on: 10.51.0.5
* Successfully discovered: ad1.example.com
ad1.example.com
type: kerberos
realm-name: AD1.EXAMPLE.COM
domain-name: ad1.example.com
configured: no
server-software: active-directory
client-software: sssd
required-package: sssd-tools
required-package: sssd
required-package: libnss-sss
required-package: libpam-sss
required-package: adcli
required-package: samba-common-bin
This performs several checks and determines the best software stack to use with sssd. sssd can install the missing packages via packagekit, but we installed them already previously.
Now let’s join the domain:
$ sudo realm join ad1.example.com
Password for Administrator:
That was quite uneventful. If you want to see what it was doing, pass the -v
option: